The Hacker News — Cyber Security, Hacking, Technology News

In Brief:

Sony is finally bolstering the security of the PlayStation Network by adding Two-Factor Authentication to the servers — almost five years after a massive hack that exposed data of over 77 Million users.

Sony confirmed to Polygon today that it is planning to introduce two-factor verification across its PlayStation Network soon, after a Twitter user spotted a reference to it in the latest 4.80 firmware update for the PlayStation 3.

Although there is no official announcement from the company revealing when two-step authentication will be implemented in PSN, the representative told sources that "more details will be shared at a later date."

Microsoft has been providing two-step verification to its Xbox Live users since 2013. The feature is also used on Battle.net and Steam.

Two-Factor authentication, also known as two-step verification, is a process that requires you to submit two different forms of verification when logging into a service:

One is your Password, and the other is a One-Time-Passcode often generated by a mobile app or received via text message on your smartphone.
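The two checks described above, as an added example that is not from the original article or from Sony: a server-side login that verifies a password and an RFC 6238 time-based one-time passcode of the kind a mobile app generates. The account record, function names, password and 30-second interval are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import struct

STEP = 30  # seconds per one-time-passcode interval (RFC 6238 default)

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 passcode (HMAC-SHA1) for the interval containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(password: str, secret: bytes) -> dict:
    """Constructed in-memory account record (a real service uses a database)."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": _pw_hash(password, salt),
            "secret": secret, "last_counter": -1}

def login(account: dict, password: str, otp: str, now: int, window: int = 1) -> bool:
    """Succeed only if BOTH factors verify; allow +/- window intervals of clock drift."""
    pw_ok = hmac.compare_digest(_pw_hash(password, account["salt"]), account["pw_hash"])
    matched = None
    for drift in range(-window, window + 1):
        t = now + drift * STEP
        counter = t // STEP
        if t < 0 or counter <= account["last_counter"]:
            continue  # a passcode is single-use: never accept an interval twice
        if hmac.compare_digest(totp(account["secret"], t).encode(), otp.encode()):
            matched = counter
    if pw_ok and matched is not None:
        account["last_counter"] = matched  # burn the interval only on full success
        return True
    return False

if __name__ == "__main__":
    # Constructed demo: the shared secret is the RFC 6238 test key, not a real one.
    acct = make_account("correct horse", b"12345678901234567890")
    code = totp(acct["secret"], 59)
    print(login(acct, "correct horse", code, now=59))  # first use of the passcode
    print(login(acct, "correct horse", code, now=59))  # same passcode replayed
```

A stolen password alone fails the login, and so does a captured passcode once it has been used.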

The 2011 PlayStation hack exposed the personal information of the entire PSN user base at the time (over 77 Million), including users' account names, dates of birth, email addresses, and credit card details.

The incident was the largest identity theft on record, which forced the company to shut down its entire system for almost a month. The hacktivist collective Anonymous took responsibility for the breach.

Remember the largest hack on Sony Pictures Entertainment late last year? Well, nobody can forget it. But let me remind you once again:

The Sony Pictures Entertainment hack was one of the most devastating hacks in history, leaking several hundred gigabytes of sensitive data, including high-quality versions of five unreleased movies, celebrity phone numbers and their travel aliases, private information of its employees, upcoming film scripts, film budgets and much more.

Now, these large troves of hacked Sony data have been republished by Wikileaks.

THE SONY ARCHIVES

WikiLeaks on Thursday released "The Sony Archives," a fully searchable online database containing more than 30,000 documents and 173,132 emails that, it claims, were stolen from last year's Sony Pictures hack, proving a devastating and embarrassing security failure for the studio.

It seems whistleblower Julian Assange has hit a nerve:

The massive hack has already cost the entertainment giant more than $100 Million, and at a time when the company hoped the dust had settled on last year’s Holocaust…

...Wikileaks – best known for revealing classified government and military documents – republished hundreds of thousands of emails, documents, and other sensitive information in a "fully searchable" format.

Julian Assange – "The documents deserve to be easily accessible."

"This archive shows the inner workings of an influential multinational corporation," WikiLeaks editor-in-chief Julian Assange said in a statement issued on Thursday. "It is newsworthy and at the center of a geo-political conflict. It belongs in the public domain. WikiLeaks will ensure it stays there."

Julian Assange's website also claimed that…

...the documents they published also show Sony's close ties to the United States Democratic Party and its efforts for collecting 'intelligence' on rival studios, including Oliver Stone's latest movie on former NSA contractor, Edward Snowden.

According to Wikileaks, The Sony Archives details email exchanges between Sony Pictures Entertainment and the White House, with nearly "100 US government email addresses" in the published database.

"The work publicly known from Sony is to produce entertainment," Wikileaks said. "However, the Sony Archives show that behind the scenes this is an influential corporation, with ties to the White House, with an ability to impact laws and policies, and with connections to the US military-industrial complex."

The Sony Pictures Entertainment hack was the result of the satirical movie "The Interview" — the Seth Rogen and James Franco-starring comedy centered around a TV host and his producer assassinating North Korean dictator Kim Jong Un.

The hackers who call themselves the "Guardians of Peace" were apparently trying to prevent the release of The Interview. The FBI traced the hackers to North Korea.

"The Interview," the controversial North Korean-baiting film that appeared to be the root cause of the cyber mishap at Sony Pictures Entertainment, which came with threats of terror attacks at theaters showing the movie, now threatens to expose users of Android phones to a malware attack.

Since its release, everyone has been talking about "The Interview" — the Seth Rogen and James Franco-starring comedy centered around a TV host and his producer assassinating North Korean dictator Kim Jong Un. Because cybercriminals are known to take advantage of major events where there is a high level of public interest, The Interview became their target.

In a joint investigation, security researchers from McAfee, Technische Universität Darmstadt and the Center for Advanced Security Research Darmstadt (CASED) have discovered that an Android app claiming to download 'The Interview' comedy onto users' smartphones actually infects their devices with a banking trojan in order to steal their financial information.

The banking trojan appears to be hosted on Amazon Web Services and is delivered via a torrent file. Researchers have identified that the malware campaign is targeting Android users in South Korea and has been active for the last few days. The campaign is attempting to exploit the popularity of The Interview movie, which triggered tension over its release on Christmas.

The malware trojan, detected by the researchers at McAfee as Android/Badaccents, targets customers of some Korean banks as well as an international bank, Citi Bank. According to researchers, the Trojan is selective about its victims and avoids infection of devices sold in North Korea.

"One aspect which will probably raise eyebrows, is that the malware code includes a routine to check the device’s manufacturing information," Graham Cluley wrote on his blog. "If it is set to either 삼지연 (Samjiyon) or 아리랑 (Arirang), smartphone manufacturers whose Android devices are sold in North Korea, the malware will not infect, and instead display a message that an attempt to connect to the server failed."

The researchers' findings cited by Cluley revealed that at least 20,000 devices have been infected and that the information exfiltrated from the devices is uploaded to a Chinese mail server.

Security researchers at McAfee have notified Amazon Web Security about the malware hosting issue so that the Amazon-hosted files can be removed to prevent further infections. However, other online storage services could be used by cybercriminals to carry out the campaign.

Usually cybercriminals use third-party Android apps to distribute trojan malware in order to infect smartphone users, but this is the first time cyber crooks have chosen torrent websites to deliver the Trojan, probably because "The Interview" is already at the top of search results in Korea and most countries.

Sony was forced to pull the cinema release of "The Interview," scheduled for Christmas day, after hacker group Guardians of Peace (GOP) threatened to attack any theater that decided to show the film. But the studio will release the controversial North Korean-baiting film via different alternatives.

HACKERS WARNED OF TERROR ATTACK

The massive hacking attack against Sony Pictures Entertainment is getting worse day by day. The hack has so far exposed about 200 gigabytes of confidential data belonging to the company, from upcoming movie scripts to sensitive employee data, celebrities' phone numbers and their travel aliases, and also high-quality versions of its 5 newest films, marking it as the most severe hack in history.

A week back, the hacker group GOP, which has claimed responsibility for the damaging Sony cyber-attack, demanded that Sony cancel the release of "The Interview" — the Seth Rogen and James Franco-starring comedy centered around a TV host and his producer assassinating North Korean dictator Kim Jong Un, citing terror threats against movie theatres.

At the beginning of the month, when the GOP group sent a threatening email to Sony executives, they didn't even ask the company to cancel the release of The Interview movie. They never released any statement regarding the movie, but later, with the second hack, they actually demanded the same. It seems that the hackers got this tip from media suggestions and put all the blame on North Korea to make this drama more interesting.

PULLING THE INTERVIEW – A VERY COWARDLY ACTION

Not just GOP, the studio has been threatened by a number of hacker groups, including a group identifying itself as Anonymous. In a statement on Monday to Sony Entertainment CEO Michael Lynton, the hacker group warned the studio to release "The Interview" as originally planned, or else face more damaging hacks.

The Anonymous group also denies that the Sony hackers are linked to North Korea, despite the FBI’s revelation Friday that its probe had determined as much. The group criticized Sony for pulling the movie, saying it was a "very cowardly" act of both the CEO and the organization, alleging it showed "panicking at first sight of trouble."

In fact, President Barack Obama also expressed disappointment in Sony’s decision to pull the film and announced Friday that the studio had made "a mistake" by withdrawing the movie, but said it was the private company's right to do so.

SONY INTENDS TO RELEASE THE INTERVIEW

In response, Michael Lynton, the studio’s chief executive, said that it had "not caved" to hackers who harmed the company and that the studio itself intends to release its controversial film and is exploring ways to let audiences see the film, possibly on YouTube.

"We would still like the public to see this movie, absolutely," Lynton said during an interview. "There are a number of options open to us. And we have considered those, and are considering them."

BITTORRENT CAME UP WITH A GOOD IDEA

Meanwhile, the popular file-sharing giant BitTorrent has suggested to Sony a way to release the controversial film using its new alternative digital-distribution paygate for artists, BitTorrent Bundle, a paid service. The San Francisco-based company believes BitTorrent Bundle is the best way to satisfy both online downloaders and Sony’s desire to release the film.

According to BitTorrent, it's a totally "safe and legal way" for Sony to release "The Interview", with up to 20,000 creators and rights holders currently using the publishing platform. Notably, BitTorrent Bundle had released "The Act Of Killing," a 2012 Oscar-nominated documentary account of mass murder in 1960s Indonesia that stirred controversy for criticizing government officials. The feature was downloaded over 3.5 million times.

Now, let’s wait and watch what Sony decides about BitTorrent's offer, but it is very clear that the studio has never been a fan of torrents, and if the company accepts the offer from the file-sharing giant then it would be an unlikely deal. But this deal sounds like a convenient one for both Sony and viewers.